公开(公告)号：US12079350B2

公开(公告)日：2024-09-03

申请号：US18301860

申请日：2023-04-17

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/32 ,  G06F21/62 ,  G06F21/71 ,  G09C1/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F21/6218 ,  G06F21/71 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/0877 ,  H04L9/30 ,  H04L9/3231 ,  G06F21/32 ,  H04L2209/125

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US11263306B2

公开(公告)日：2022-03-01

申请号：US16927934

申请日：2020-07-13

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/46 ,  G06F21/60 ,  G06F21/44 ,  G06F21/85 ,  H04L9/08

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US09529405B2

公开(公告)日：2016-12-27

申请号：US14459482

申请日：2014-08-14

Applicant: Apple Inc.

Inventor： Erik P. Machnicki ,  Gilbert H. Herbeck ,  Shu-Yi Yu ,  Sebastian Skalberg

IPC: G06F1/32

CPC classification number: G06F1/3237 ,  G06F1/3228 ,  G06F1/324 ,  G06F1/3287 ,  Y02D10/128 ,  Y02D10/171 ,  Y02D50/20

Abstract: A system and method for managing idleness of functional units in an IC is disclosed. An IC includes a subsystem having a number of functional units and an idle aggregation unit. When a particular functional unit determines that it is idle, it may assert an idle indication to the idle aggregation unit. When the respective idle indications are concurrently asserted for all of the functional units, the idle aggregation unit may assert and provide respective idle request signals to each of the functional units. Responsive to receiving an idle request unit, a given functional unit may provide an acknowledgement signal to the idle aggregation unit if no transactions are incoming. If all functional units have concurrently asserted their respective acknowledgement signals, the idle aggregation unit may provide an indication of the same to a clock gating unit, which may then gate the clock signal(s) received by the functional units.

Abstract translation: 公开了一种用于管理IC中的功能单元的空闲的系统和方法。 IC包括具有多个功能单元和空闲聚合单元的子系统。 当特定功能单元确定它是空闲时，它可以向空闲聚合单元断言空闲指示。 当对于所有功能单元同时断言相应的空闲指示时，空闲汇聚单元可以向每个功能单元断言并提供相应的空闲请求信号。 响应于接收空闲请求单元，如果没有事务进入，则给定功能单元可以向空闲聚合单元提供确认信号。 如果所有功能单元已经同时确定其各自的确认信号，则空闲聚合单元可以向时钟选通单元提供相同的指示，时钟门控单元然后可以对由功能单元接收的时钟信号进行门控。

公开(公告)号：US20160359476A1

公开(公告)日：2016-12-08

申请号：US14730473

申请日：2015-06-04

Applicant: Apple Inc.

Inventor： Shu-Yi Yu ,  Jean-Didier Allegrucci ,  Timothy Paaske ,  Deniz Balkan

IPC: H03K5/19 ,  H03K5/26

CPC classification number: H03K5/19 ,  H03K5/26

Abstract: An apparatus may include first and second clock monitors. The first clock monitor may be configured to receive a first clock signal and assert a first signal if the frequency of the first clock signal is greater than a first upper threshold and assert a second signal if the frequency of the first clock signal is less than a first lower threshold. The second clock monitor may be configured to receive a second clock signal with a frequency higher than that of the first clock signal. The second clock monitor may be configured to compare the second clock signal, dependent upon the first clock signal, to second upper and lower thresholds and assert a third signal if the frequency of the second clock signal is greater than the second upper threshold and assert a fourth signal if the frequency is less than the second lower threshold.

Abstract translation: 装置可以包括第一和第二时钟监视器。 如果第一时钟信号的频率大于第一上限阈值，则第一时钟监视器可以被配置为接收第一时钟信号并且断言第一信号，并且如果第一时钟信号的频率小于第一时钟信号，则断言第二信号 第一个下限 第二时钟监视器可以被配置为接收频率高于第一时钟信号的频率的第二时钟信号。 第二时钟监视器可被配置为根据第一时钟信号将第二时钟信号与第二上限和下限阈值进行比较，并且如果第二时钟信号的频率大于第二上限阈值则断言第三信号，并且断言第 第四信号，如果频率小于第二较低阈值。

公开(公告)号：US20160314295A1

公开(公告)日：2016-10-27

申请号：US14696581

申请日：2015-04-27

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/60

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  G06F2221/2137 ,  H04L9/088

Abstract: An apparatus, a method, and a system are presented in which the apparatus may include a security circuit, a processor, and an interface controller. The security circuit may be configured to generate a keyword. The processor may be configured to determine one or more policies to be applied to usage of the keyword, and to generate a policy value. The policy value may include one or more data bits indicative of the determined one or more policies. The interface controller may be configured to generate a message including the keyword and the policy value. The interface controller may also be configured to send the message.

Abstract translation: 提供了一种装置，方法和系统，其中装置可以包括安全电路，处理器和接口控制器。 安全电路可以被配置为生成关键字。 处理器可以被配置为确定要应用于关键字的使用的一个或多个策略，并且生成策略值。 策略值可以包括指示所确定的一个或多个策略的一个或多个数据比特。 接口控制器可以被配置为生成包括关键字和策略值的消息。 接口控制器还可以被配置为发送消息。

公开(公告)号：US09135202B2

公开(公告)日：2015-09-15

申请号：US13760795

申请日：2013-02-06

Applicant: Apple Inc.

Inventor： Deniz Balkan ,  Gurjeet S. Saund ,  Shu-Yi Yu

IPC: G06F13/40 ,  G06F11/07

CPC classification number: G06F13/4027 ,  G06F11/0766 ,  G06F11/0772

Abstract: Embodiments of a bridge circuit and system are disclosed that may allow for converting transactions from one communication protocol to another. The bridge circuit may be coupled to a first bus employing a first communication protocol, and a second bus employing a second communication protocol. The bridge circuit may be configured to convert transactions from the first communication protocol to the second communication protocol, and convert transaction from the second communication protocol to the first communication protocol. In one embodiment, the bridge circuit may be further configured to flag transactions that cannot be converted from the second communication protocol to the first communication protocol. In a further embodiment, an error circuit coupled to the bridge circuit may be configured to detect flagged transactions.

Abstract translation: 公开了桥接电路和系统的实施例，其可以允许将事务从一个通信协议转换到另一个通信协议。 桥接电路可以耦合到采用第一通信协议的第一总线，以及采用第二通信协议的第二总线。 桥接电路可以被配置为将事务从第一通信协议转换为第二通信协议，并将事务从第二通信协议转换为第一通信协议。 在一个实施例中，桥接电路可以被进一步配置为标记不能从第二通信协议转换到第一通信协议的事务。 在另一个实施例中，耦合到桥接电路的错误电路可以被配置为检测标记的事务。

公开(公告)号：US11941108B2

公开(公告)日：2024-03-26

申请号：US17652517

申请日：2022-02-25

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/44 ,  G06F21/46 ,  G06F21/60 ,  G06F21/85 ,  H04L9/08

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  H04L9/088 ,  G06F2221/2137

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US11630903B1

公开(公告)日：2023-04-18

申请号：US17081276

申请日：2020-10-27

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62 ,  G09C1/00 ,  H04L9/32 ,  H04L9/08 ,  H04L9/30 ,  G06F21/71 ,  G06F21/32

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US20220179944A1

公开(公告)日：2022-06-09

申请号：US17652517

申请日：2022-02-25

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/44 ,  G06F21/60 ,  G06F21/85 ,  H04L9/08

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US10713351B2

公开(公告)日：2020-07-14

申请号：US16133625

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/46 ,  G06F21/60 ,  G06F21/44 ,  G06F21/85 ,  H04L9/08

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.